[DOCKER] [Unauthorized Operation] A memorandum because an error occurred when creating an EC2 instance.


An error occurred when starting a container on an EC2 instance from a Docker host. AWS, Docker, and Docker machines are just starting to learn, and I feel like I'm groping when an error occurs, but I've solved it, so I'll summarize it as a memorandum. Also, if anyone is suffering from the same error, I hope it helps. It may be a detour, but I would like to hear your opinions at that time.

Hypothesis testing

First of all, this is the error statement this time. We will resolve the error by verifying the hypothesis that can be considered from the error statement.


% docker-machine create --driver amazonec2 --amazonec2-open-port 8000 --amazonec2-vpc-region ap-northeast-1 <EC2 instance name>
(EC2 instance name) Couldn't determine your account Default VPC ID : "UnauthorizedOperation: You are not authorized to perform this operation.\n\tstatus code: 403, request id: <~~request id~~>"
Error setting machine configuration from flags provided: amazonec2 driver requires either the --amazonec2-subnet-id or --amazonec2-vpc-id option or an AWS Account with a default vpc-id
  1. No default VPC

When I checked the VPC dashboard, it existed, so it seems that this was not the cause. I specified vpc-id directly as an argument, but I still couldn't create an EC2 instance.


Error that you do not have permission to operate this operation.

-Why do I get the error message "You are not authorized to perform this operation" when you try to launch an EC2 instance? -center / ec2-not-auth-launch /)

In such a case, it is better to look at the primary information and solve it as much as possible, so that future applications will be effective and there is no doubt that the information ***, so I checked it.

When I was thinking of trying to solve the problem by following the steps of the solution, I was struck by the lottery.


% aws --version

*** The aws command cannot be used *** The error statement command not found: aws.

So, let's start by installing amazon cli.

-Install, Update, and Uninstall AWS CLI

-Pass the path of AWS CLI *** I referred to this article for how to pass the AWS PATH. *** ***

  1. Since the error has not changed, I understand the current situation of not having authority

I'm trying to create an EC2 instance from a Docker host using IAM user credentials in the first place. Therefore, isn't there a problem with the description of the authentication information? I thought.

So first I doubted the environment variables.

I used to put the AWS IAM access key in an environment variable.

This time we are dealing with another IAM user's access key. However, the access key of the IAM user created last time was put in the environment variable and passed through the PATH. I wondered if I was warned that IAM was Unauthorized Operation because I didn't give it permission. Therefore, I deleted the access key (environment variable) of the previous IAM user once. I think it is better to put it in the PATH for each directory, but this time I deleted it.

The environment variables set in the following description have been deleted. *** * The setting method may differ depending on the version of your PC. *** ***


 vim ~/.zshrc

Change to insert mode (can be described) with i. After making changes, press esc,: wq, Enter to complete.
In this case, the PATH is not reflected yet, so execute the following.


source ~/.zshrc

Now you can create an EC2 instance from your Docker host! I thought, but another error.

I got another error, but when I saw that the error changed, it seems that I was trying to create an EC2 instance from an IAM that I did not have permission to (the IAM I created last time).

*** Another error was that the file was written incorrectly. *** (I forgot to note the terminal error ...) Therefore, modify the following ~ / .aws.credentials file.

Before correction

aws_access_key = <Authentication key>
aws_secret_access_key = <Authentication key>


aws_access_key_id = <Authentication key>
aws_secret_access_key = <Authentication key>

Check the ~ / .aws.credentials file. If you take a closer look at the types that are automatically written in the file when you create, the _id of aws_access_key is missing. It was an automatically generated type, so I was relieved, but it seems that is not the case.

After modifying the code, create an EC2 instance again.

*** Successful creation of EC2 instance from Docker host! !! *** ***


This time, there was more than one cause for the error, so I wondered if I had to make a hypothesis, select the best one, and verify it. When an error occurs, the part that I do not understand will be highlighted, so it will be a great learning experience. In this case, I strongly felt that I didn't understand enough about environment variables, AWS, and Linux. If an error occurs, it cannot be resolved without investigating the related issues, so even if an error occurs, we will apply it in the future by dealing positively.


--When an error occurs, there is not always one cause. ――We will formulate and test hypotheses and solve the best ones one by one. ――I have doubts even if it is automatically generated (especially where it is related to environment construction and security).


This article was written with reference to the following information.

-Why do I get the error message "You are not authorized to perform this operation" when you try to launch an EC2 instance? -center / ec2-not-auth-launch /)

-Install, Update, and Uninstall AWS CLI

-Pass the path of AWS CLI

Recommended Posts

[Unauthorized Operation] A memorandum because an error occurred when creating an EC2 instance.
[Rejected] A memorandum because an error occurred during deployment on Heroku
Error memorandum that occurred when creating a CI / CD environment [Rails + CircleCI + Capistrano + AWS]
A reminder when an aapt.exe error occurs
I get an error when adding a dependency
When introducing JOOQ to Spring boot, a story that was dealt with because an error occurred around Liquibase
A memorandum when creating a REST service with Spring Boot
A memorandum for creating an extended logger using org.slf4j.Logger
Error when deploying EC2
A story stuck with an error when building Vagrant + Virtulbox CentOS7.8 and creating a shared folder
When trying to insert a specific gem (levenshtein) with Docker, an error occurred without ruby-dev
A memorandum when running Apache Maven on an in-house proxy
An error occurred because only_full_group_by of sql_mode was not observed.
A validation error occurred when saving to the intermediate table.
[Memorandum] What is an error?
Collecting client information when an error occurs in a web application
How to create a web server on an EC2 instance on AWS